OX LDAP Properties

Overview

The ox-ldap.properties file contains the information the Gluu CE Server needs to connect to LDAP in order to authenticate and authorize users and administrators. It also provides the connection strings that the various components of Gluu CE use to fetch the information they need, as installed and configured during setup. For setup and configuration details, please refer to Setup Script Options. The ox-ldap.properties file is stored under /etc/gluu/conf/.

Properties in ox-ldap

Below are the properties that are written in ox-ldap.properties for the Gluu CE server to connect with LDAP.

| Property | Description |
|---|---|
| Bind DN | Stores the DN of the connecting LDAP server |
| Bind Password | Stores the password of the DN, which is provided during setup |
| servers | LDAP server with port number |
| useSSL | Boolean value, set to true or false depending on whether SSL is used |
| ssl.trustStoreFile | Path to the SSL trust store |
| ssl.trustStorePin | Credential for the trust store |
| ssl.TrustStoreFormat | File format for certificates in the trust store |
| maxconnections | Maximum number of connections to be used; this can be left at the default |
| connection.max-wait-time-millis | The maximum time in milliseconds to wait for a connection response |
| connection.max-age-time-millis | After this much time in milliseconds, recreate the pooled connection |
| connection-pool.health-check.on-checkout.enabled | Select whether to perform a connection health check when checking it out from the pool |
| connection-pool.health-check.interval-millis | How often connections in the pool are checked. Not used when connection-pool.health-check.on-checkout.enabled=true |
| connection-pool.health-check.max-response-time-millis | How long to wait during a connection health check |
| certsDir | Path where the certificates are stored |
| confDir | Path of the configuration directory |
| pythonModulesDir | Path of the custom Python modules |
| binaryAttributes | This property should be left at the default, ObjectGUID |

Note

In most cases, periodic health checks with connection-pool.health-check.interval-millis and connection.max-age-time-millis are sufficient. If there are severe network issues, setting connection-pool.health-check.on-checkout.enabled=true can help, but it can reduce LDAP operation performance by 20-30%.
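
The properties above can be reviewed mechanically. The following is an added example, not code from Gluu or from the original page: a small audit that flags a disabled useSSL, missing trust store settings, the health-check interaction described in the note, and loose file permissions. It assumes `key=value` or `key: value` lines and treats any key ending in "password" or "pin" as a secret; the function names and the sample file contents are constructed for illustration.

```python
import stat

def parse_properties(text):
    """Parse simple key=value / key: value lines, skipping comments and blanks."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The first '=' or ':' separates key from value (values may contain ':').
        sep = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if sep == -1:
            continue
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props

def audit(props, file_mode=None):
    """Return a list of findings for a parsed ox-ldap.properties mapping."""
    findings = []
    if props.get("useSSL", "").lower() != "true":
        findings.append("useSSL is not true: the LDAP connection is not protected by SSL")
    else:
        for key in ("ssl.trustStoreFile", "ssl.trustStorePin"):
            if not props.get(key):
                findings.append(f"useSSL=true but {key} is empty")
    on_checkout = props.get("connection-pool.health-check.on-checkout.enabled", "").lower() == "true"
    if on_checkout and "connection-pool.health-check.interval-millis" in props:
        findings.append("interval-millis is not used while on-checkout health checks are enabled")
    if on_checkout:
        findings.append("on-checkout health checks enabled: LDAP performance may drop by 20-30%")
    # Assumption: keys ending in 'password' or 'pin' hold credentials worth protecting.
    secrets = [k for k in props if k.lower().endswith(("password", "pin"))]
    if secrets and file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {oct(file_mode & 0o777)} exposes {', '.join(secrets)} to group/other")
    return findings

# Constructed sample; host, paths and values are placeholders, not from a real install.
SAMPLE = """\
servers: localhost:1636
useSSL: false
ssl.trustStoreFile: /etc/certs/example.truststore
ssl.trustStorePin: CHANGEME
connection-pool.health-check.on-checkout.enabled: true
connection-pool.health-check.interval-millis: 20000
"""

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE), 0o644):
        print("-", finding)
```

To audit a real installation, pass the contents of /etc/gluu/conf/ox-ldap.properties and the file's permission bits (for example from `stat.S_IMODE(os.stat(path).st_mode)`) to `audit`.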